Getting cranky about “IT Policy,” and improving your password practices

I just read a helpful article about tuning organizational password policy but I’m afraid it rubbed me the wrong way.

What it says is helpful and mostly good practice, but it fails to address the problem from the perspective of the users, and does the usual “well, this will be a pain for the users, but it’s good policy, so we’re recommending it,” which is one of many reasons why people hate IT departments. (I say this as a seasoned IT professional, and I hate us, too. 😉)

IF you notice that YOUR passwords violate any of these rules, assume they are already compromised. Change them now.

To all password users, everywhere: Make your passwords unguessable as best you can. If someone guesses your password, change it. Corollary 1: Since you can’t know if someone might have guessed your password, change it from time to time. If you feel that you have to make a list of passwords, make a list of reminders, not the actual passwords, and keep it safe (not where someone can look at it without you knowing about it). More detail below.
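As an added illustration of “unguessable as best you can” (this is example code written for this page, not something from the article or from the post above): a passphrase generator that draws words with the operating system’s CSPRNG and reports how much guessing resistance the result has. The word list below is a small constructed sample; a real generator would load a Diceware-style list of about 7,776 words, and the entropy figures scale with the list size, which the functions take as a parameter. The guesses-per-second rate is an assumption you plug in for the attacker you care about.

```python
import math
import secrets

# Constructed sample word list for an offline-runnable example (assumption).
# A real passphrase generator should load a large, public word list such as a
# Diceware list of 7,776 words; this one is deliberately tiny (16 words).
SAMPLE_WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
    "iris", "juniper", "kelp", "lantern", "marble", "nectar", "orchid", "pylon",
]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Bits of entropy in a passphrase of n_words drawn uniformly at random
    (with replacement) from a list of wordlist_size words."""
    if n_words < 1 or wordlist_size < 2:
        raise ValueError("need at least one word from a list of at least two words")
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words from the list that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time for an attacker who can test the passphrase offline at
    guesses_per_second to hit it, assuming they know the word list and length.
    On average they succeed after searching half the space, hence bits - 1."""
    expected_guesses = 2.0 ** (bits - 1)
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = "-") -> str:
    """Join n_words words chosen with secrets.choice (CSPRNG), never random.choice.
    The separator carries no entropy; it only keeps word boundaries visible."""
    if n_words < 1:
        raise ValueError("n_words must be positive")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def report(n_words: int, wordlist_size: int, guesses_per_second: float) -> dict:
    """Summarise the strength of an n_words passphrase from a given list size
    against an attacker with the given offline guess rate (rate is an assumption)."""
    bits = entropy_bits(n_words, wordlist_size)
    return {
        "words": n_words,
        "bits": round(bits, 2),
        "expected_years": expected_crack_years(bits, guesses_per_second),
    }


if __name__ == "__main__":
    # Six words from a full Diceware-size list vs. six words from the toy list,
    # against a hypothetical attacker testing 1e12 guesses per second.
    print(report(6, 7776, 1e12))
    print(report(6, len(SAMPLE_WORDS), 1e12))
    print("words for 80 bits from a 7776-word list:", words_needed(80, 7776))
    print("sample passphrase:", generate_passphrase(6))
```

Two things the numbers make concrete: the strength comes from the number of words and the size of the list, not from how clever the words look, and the same six-word passphrase is roughly 2^53 times weaker when drawn from a 16-word list than from a 7,776-word one. Note also that the whole estimate assumes the attacker is guessing; if the secret has been stolen outright (phished, logged, leaked from a site), no amount of entropy helps, which is the case the post's "if someone guesses your password, change it" is about.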

Investing for retirement: results of a large simulation suggest conventional wisdom on asset allocation is wrong

The New York Times has published an article summarizing a very interesting study: based on market volatility, the notion of shifting from equities to bonds as we age may not be as useful as has been thought. Worth reading.